Next Steps

At this point you should have a working MCollective set up with your user able to do any command of the plugins we deployed.

Confirming it is working

You can inspect the resulting configuration on your CLI:

$ mco choria show_config
Active Choria configuration:

The active configuration used in Choria comes from using Puppet AIO defaults, querying SRV
records and reading configuration files.  The below information shows the completely resolved
configuration that will be used when running MCollective commands

MCollective selated:

 MCollective Version: 2.9.1
  Client Config File: /etc/puppetlabs/mcollective/client.cfg
  Active Config File: /etc/puppetlabs/mcollective/client.cfg
   Plugin Config Dir: /etc/puppetlabs/mcollective/plugin.d
   Using SRV Records: true
          SRV Domain:
  Middleware Servers:,,

Puppet related:

       Puppet Server:
     PuppetCA Server:
     PuppetDB Server:
      Facter Command: /opt/puppetlabs/bin/facter
       Facter Domain:

SSL setup:

     Valid SSL Setup: yes
            Certname: rip.mcollective
       SSL Directory: /home/rip/.puppetlabs/etc/puppet/ssl (found)
  Client Public Cert: /home/rip/.puppetlabs/etc/puppet/ssl/certs/rip.mcollective.pem (found)
  Client Private Key: /home/rip/.puppetlabs/etc/puppet/ssl/private_keys/rip.mcollective.pem (found)
             CA Path: /home/rip/.puppetlabs/etc/puppet/ssl/certs/ca.pem (found)
            CSR Path: /home/rip/.puppetlabs/etc/puppet/ssl/certificate_requests/rip.mcollective.pem (found)

Active Choria configuration settings as found in configuration files:


Here you’ll see all results from your SRV records, config files, defaults etc all resolved. You can run this as root or a normal user and see it pick the right files etc

As of version 0.0.24 you can confirm you have some nodes connected to your collective - and get some information about which middleware server they used in the case of clusters:

$ mco rpc choria_util info

Discovering hosts using the choria method .... 3

 * [ ============================================================> ] 1 / 1

Summary of Client Flavour:

   nats-pure = 3

Summary of Client Version:

   0.2.0 = 3

Summary of Connected Broker: = 1 = 2

Summary of SRV Domain: = 2

Summary of SRV Used:

   true = 1

Finished processing 3 / 3 hosts in 228.40 ms

Here we observe 3 nodes with 1 connected to and 2 connected to Add –display allways for much more details.

From the shell you set up the user in lets check the version of puppet-agent installed on your nodes:

$ mco package status puppet-agent

 * [ ============================================================> ] 15 / 15


Summary of Arch:

   x86_64 = 3

Summary of Ensure:

   1.8.0-1.el7 = 3

Finished processing 3 / 3 hosts in 71.63 ms

MCollective knows a lot about your nodes such as all their Facts and Puppet Classes deployed to them, you can view what it knows about a certain node, this should include your classes, facts and agents deployed:

MCollective identities match the certificate names from Puppet

$ mco inventory

Inventory for

   Server Statistics:
                      Version: 2.9.1
                   Start Time: 2016-12-16 21:35:20 +0100
                  Config File: /etc/puppetlabs/mcollective/server.cfg
                  Collectives: de_collective, mcollective
              Main Collective: mcollective
                   Process ID: 13127
               Total Messages: 12
      Messages Passed Filters: 12
            Messages Filtered: 0
             Expired Messages: 0
                 Replies Sent: 11
         Total Processor Time: 35.85 seconds
                  System Time: 16.33 seconds

      discovery       filemgr         package
      puppet          rpcutil         service

   Data Plugins:
      agent           collective      fact
      fstat           puppet          resource

   Configuration Management Classes:
    mcollective                           mcollective::config
    mcollective::facts                    mcollective::packager
    mcollective::plugin_dirs              mcollective::service
    mcollective_agent_filemgr             mcollective_agent_iptables
    mcollective_agent_package             mcollective_agent_puppet
    mcollective_agent_puppetca            mcollective_agent_service
    mcollective_choria                    mcollective_util_actionpolicy

      aio_agent_version => 1.8.0
      architecture => x86_64
      augeas => {"version"=>"1.4.0"}
      augeasversion => 1.4.0

You can get a quick report of values for some fact (add -v for node names):

$ mco facts aio_agent_version
Report for fact: aio_agent_version

        1.8.0                                    found 3 times

Finished processing 3 / 3 hosts in 18.61 ms

We can check that the Puppet service is up:

$ mco service status puppet

 * [ ============================================================> ] 3 / 3 running running running

Summary of Service Status:

   running = 3

Finished processing 3 / 3 hosts in 98.98 ms

And when last Puppet ran on these nodes:

$ mco puppet status

 * [ ============================================================> ] 3 / 3 Currently idling; last completed run 6 minutes 20 seconds ago Currently idling; last completed run 10 minutes 04 seconds ago Currently idling; last completed run 25 seconds ago

Summary of Applying:

   false = 3

Summary of Daemon Running:

   running = 3

Summary of Enabled:

   enabled = 3

Summary of Idling:

   true = 3

Summary of Status:

   idling = 3

Finished processing 3 / 3 hosts in 28.27 ms

Further reading

There is much to learn about MCollective, at this point if all worked you’ll have a setup that is secured by using TLS on every middleware connection and every user securely identified and authorized via the Puppet SSL certificates with auditing and logging.

Choria has a few optional features related to integration with PuppetDB and Puppet Server, please see the optional configuration section. You should also read about Choria Playbooks.

The official documentation is a good resource for usage details:

These plugins that manage Service, Package, Puppet and Files are just plugins and they make the main user facing feature set of Mcollective. You can write your own plugins, deploy them and interact with them. There is an official guide about this.

If you do write your own plugins Choria helps you package your plugins as Puppet modules like the ones we just installed, sharable on the Forge.

Getting in touch

I am on the Puppet IRC as Volcane and on slack as ripienaar, we also have a #mcollective channel on Freenode.

If you wish to file a ticket about anything here or improve something the 2 GitHub project are choria-io/mcollective-choria and choria-io/puppet-mcollective where you can file issues.